Buffer overflow in Blue Coat's WinProxy
A specially prepared HTTP CONNECT query can cause a buffer overflow in Blue Coat's WinProxy. According to a security advisory published by service provider iDefense, the proxy then crashes, possibly allowing attackers to inject code .
iDefense does not, however, provide any details about the hole, merely adding that versions 6.1a and 6.0r1c are affected. Blue Coat has already released a corrected version (6.1r1c) for downloading. Users of the software should either upgrade to the current version or disable the HTTP proxy.
- Blue Coat Systems WinProxy CONNECT Method Heap Overflow Vulnerability, iDefense's security advisory
- Click to start download of the current version not containing the flaw
(trk)